Data is received that characterizes source code requiring a security vulnerability assessment. Using this received data, an input node of a vulnerability context graph is generated. Subsequently, at least one node is resolved from the input node using at least one of a plurality of resolvers that collectively access each of a knowledge base, a source code commit database, and at least one online resource. Additionally nodes are later iteratively resolved at different depth levels until a pre-defined threshold is met. The vulnerability context graph is then caused to be displayed in a graphical user interface such that each node has a corresponding graphical user interface element which, when activated, causes complementary information for such node to be displayed.